I need to use Container Managed Security and Authentication in my latest project. And I have a couple of queries regarding how to configure a Credential Handler.
- Firstly how will a CredentialHandler declaration look like ? Can someone provide a sample declaration of the NestedCredentialHandler with the algorithm attribute declared. I need to know since the Digest attribute in Realms has become deprecated. I didn't find any examples on the web and I am utterly confused.
- Whats the difference between
MessageDigestCredentialHandler
andSecretKeyCredentialHandler
which one is more secure ? SecretKeyCredentialHandler
specifies only one algorithm in the documentation which isPBKDF2WithHmacSHA1
. What other algorithms are available ?